HIMSS25 Takeaways: Passwords are Out & Mobile is In

Amy Koczera, Global Public Relations Manager, Imprivata

HIMSS provides a glimpse into the future of healthcare IT – here are some of our highlights from this year’s event.

Various photos of Imprivata's booth at HIMSS 2025

 

The annual HIMSS Conference is always a whirlwind, but this year felt different. Between the uncertainty that accompanies a new administration, a rapidly changing regulatory landscape, and the buzz of new tech, one thing was clear: the intersection of care delivery and IT has reached an inflection point.

A lot is evolving—from the way clinicians access information to how organizations manage security risks. For those who weren’t there, here’s what really stood out to us at HIMSS 2025.

Healthcare is on the Journey to Passwordless

Photo of passwordless panel at HIMSS 2025

It was hard to walk more than a few feet in the Imprivata booth without hearing someone talk about passwordless authentication.

One of our customer-led presentations featured IT and cybersecurity leaders from the Cleveland Clinic and University Hospitals, who covered the steps organizations can take to implement passwordless authentication.

“As cybersecurity practitioners, we should be engineering solutions that allow for a great user experience so that’s what they want to use, rather than trying to find the workarounds,” said John Doan, Sr. Director of Cybersecurity Advisory at Cleveland Clinic, during the session.

Passwordless options like facial biometrics or badge-tap access can enforce identity verification to ensure secure access without slowing clinicians down in the process, like traditional passwords often do.

“If we could get to passwordless, this will make the best caregiver experience,” said Tracey Touma, Sr. Cybersecurity Business Liaison at Cleveland Clinic.

“Everything is future-proofing,” said Michael Mulcahy, RN, IT Virtualization Engineer at UH hospitals. He explained that his organization has approached passwordless by implementing facial recognition and installing cameras on workstations—something he views as a multi-purpose investment that can also be used for other clinical processes, like telehealth appointments, and pay dividends in the future

“We try to future-proof ourselves by putting cameras on all our workstations so that when facial comes into it…we’re already ready as an infrastructure,” said Michael.

We try to future-proof ourselves by putting cameras on all our workstations so that when facial comes into it…we’re already ready as an infrastructure.

“Strategically, everyone should be moving more towards identity verification versus authentication,” concluded John. “A password only proves that you know something versus proving that you’re the person that should have access to this system.”

Mobile is Shaping the Future of Clinical Access

The push for more mobile workflows was another theme, with Boston Children’s Hospital and HCA Healthcare sharing their approaches to mobile and its real-world impact on clinician and patient satisfaction.

Image of Boston Children's and HCA presentations at HIMSS 2025

With the help of Imprivata Mobile Access Management, HCA leaders described how they can monitor device usage, provision and de-provision devices for each user based on their specific needs, and utilize data analytics for asset tracking and workflow optimization. 

“We have seen some really great improvements thus far at some of our pilot sites with the adoption, as well as the single auto-fill capabilities within these apps,” said Heather Johnson, Assistant VP at HCA. “That’s been a huge winner for us from the clinician access perspective. But even from an analytics perspective, [seeing] where that device movement is within a facility has been huge for us.”

By utilizing a shared device model, the organization successfully optimized 105,000 shared mobile devices for their clinical workforce, which is spread across 186 hospitals.

Cybersecurity is Becoming a Patient Safety Issue

No longer just a topic for IT teams, cybersecurity is becoming top of mind for clinical leadership. 

“Cybersecurity is challenged with risk,” said Tracey Touma while presenting on Cleveland Clinic’s approach to this challenging issue.

“We are supposed to make sure that we are enabling the business to take care of patients in the most secure way we can,” she explained. “Our idea of the future is passwordless—that we have secure access to preserve patient data, and to also make sure our authentication process is a better experience for all people, including patients.”

Addressing a Patient Misidentification Crisis with Biometrics

Image of Dr. Sean Kelly, MD moderating a panel at HIMSS

Patient misidentification remains a massive, and often under-discussed, issue. During a main-stage panel moderated by Dr. Sean Kelly, MD, Imprivata Chief Medical Officer, clinical leaders from UMass Memorial and NYC Health and Hospitals put numbers to the problem—duplicate records, patient mix-ups, and costly errors that biometrics could help eliminate.

Dr. Eric Alper, MD, Chief Quality Officer & Chief Clinical Informatics Officer at UMass Memorial Hospital, emphasized the challenges that result from misidentification, like medical errors, billing issues, and increased workloads.

“This results in a lot of re-work for our teams,” he said. “Our HIM teams need to merge charts to get things connected back together, this takes hundreds of hours per year.”

Photo of Dr. Eric Alper presenting at HIMSS 2025

Existing processes for patient identification typically consist of asking for a name, date of birth and other identifiers like a home address. But even these can result in duplicate records that lead to misidentification, 

“In order to properly identify a patient, we need something more reliable,” he said. “A biometric is permanent, you can use that in many more situations to ensure and save patient care.”

By utilizing facial biometrics for patient identification with Imprivata Patient Access, healthcare organizations like UMass are not only making registration processes smoother—they’re also improving patient safety. 

Third-Party Access Remains Healthcare’s Biggest Security Gap

Photo of Third Party Access Panel at HIMSS 2025

One year after the Change Healthcare cyberattack, the industry is still struggling to protect systems from third-party vulnerabilities.

New research from Imprivata puts the issue into stark terms—44% of healthcare organizations suffered a breach due to third-party access in the past year. 

“The threat actors are becoming more and more aggressive in how they’re compromising systems,” said Keith Duemling, Chief Information Security Officer at Catholic Hospital during a presentation highlighting Imprivata’s research.

The healthcare industry is particularly susceptible to attacks since they work with hundreds of vendors, making it critical for IT and security leaders to take a robust approach.

“The complexity is only increasing year over year,” he said. “You need to change the mindset of the organization to tackle how you build the relationships with third parties, how you maintain them through supply chain, legal, and on an operational basis.”

At the Imprivata booth, live demos showed how Vendor Privileged Access Management can reduce these risks—but the broader industry takeaway? Third-party security can’t be an afterthought anymore.

Imprivata demo

 

What’s Next? More Automation, More Security, Less Friction

So, what did we learn at HIMSS25? Passwords are on the way out. Mobile is making life easier for clinicians. And cybersecurity is a frontline issue. 

But there’s still work to do—and by the time we gather for HIMSS 2026, the way we think about clinical access could look very different.

For more insights from HIMSS 2025 and beyond, subscribe to the Imprivata newsletter.